Add Script to Generate SSH `allowed_signers` File from GitLab Public SSH Keys
GitHub and GitLab have public endpoints that return the public SSH keys for a username. We probably can use this to generate an allowed_signers
file that includes all keys used to sign commits in a repo.
GitHub Keys: https://github.com/<username>.keys
My Keys
GitLab Keys: https://git.codingallnight.com/<username>.keys
My Keys
Those URLs use the username, and all we know from git is the username, so we'll have to use the API of each site to find the usernames.
We can determine which site to grab keys from by looking at the remote URL of the repo.
We can also create an allowed_signers
file per repo so that we don't pollute our global file: https://docs.gitlab.com/ee/user/project/repository/ssh_signed_commits/#verify-commits-locally